WilliamLam.com


Auditing vSphere Datastore activities (Download, Upload, Copy, Move, Rename and Delete)

04.18.2023 by William Lam

In what feels like a weekly response: vCenter Server Events should always be your starting point for understanding the Who, What and When of something occurring within your vSphere environment. There are over 2K events published out of the box by vCenter Server, with hundreds more from 2nd and 3rd party solutions that integrate with vCenter Server.

Combine vCenter Server Events with the power of the VMware Event Broker Appliance (VEBA) and you have a powerful Event-Driven Automation solution that can solve a literally limitless number of use cases, many of which have been shared by existing users in this document HERE.

Today, I received a question about auditing customer vSphere Datastore activities and identifying when someone has manually downloaded a Virtual Machine Virtual Disk (VMDK).


As you probably have guessed, the answer lies within the vCenter Server Events! In fact, you can even see this in the vSphere UI under Events when selecting the vCenter Server inventory object as shown in the screenshot above.

In the example above, I manually browsed to the vSphere Datastore and downloaded both the VMX and VMDK file for a given VM. vCenter Server captures this as a DatastoreFileDownloadEvent, which includes not only the Who and the When but also details on What was downloaded.

You can easily use the vSphere API to audit for such events, or you can leverage VEBA to build real-time notifications that fire when such events occur, immediately notify administrators or your security team, and even store this information in a long-term archival system for audit and compliance purposes. As I said earlier, the possibilities are truly endless!

In addition to DatastoreFileDownloadEvent, there are other types of vSphere Datastore activities that you might be interested in. I have put together the list of vCenter Server Events that map to these activities below for your reference:

  • DatastoreFileUploadEvent - Uploading files to vSphere Datastore
  • DatastoreFileCopiedEvent - Copying files from vSphere Datastore
  • DatastoreFileDeletedEvent - Deleting files from vSphere Datastore
  • DatastoreFileMovedEvent - Moving or Renaming files from vSphere Datastore
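
As an added example (not from the original post), the audit described above can be run offline in Python: it keeps only the five datastore file events named on this page and reports the Who, What and When, plus any downloads that mention a VMDK. The record layout (a `name` key alongside the `userName`, `createdTime` and `fullFormattedMessage` event properties), the function name and the sample messages are constructed assumptions; in practice the records would come from the vSphere API or a VEBA function.

```python
import re
from collections import Counter
from datetime import datetime

# Event names from the list above, mapped to the activity each one records.
ACTIVITY = {
    "DatastoreFileDownloadEvent": "download",
    "DatastoreFileUploadEvent": "upload",
    "DatastoreFileCopiedEvent": "copy",
    "DatastoreFileDeletedEvent": "delete",
    "DatastoreFileMovedEvent": "move/rename",
}
VMDK = re.compile(r"\S+\.vmdk\b", re.IGNORECASE)

# Constructed sample records (assumed shape, deliberately out of order).
SAMPLE_EVENTS = [
    {"name": "DatastoreFileDownloadEvent", "userName": "LAB\\alice",
     "createdTime": "2023-04-18T09:13:02Z",
     "fullFormattedMessage": "Downloaded [ds01] web01/web01.vmdk"},
    {"name": "VmPoweredOnEvent", "userName": "LAB\\bob",
     "createdTime": "2023-04-18T08:00:00Z",
     "fullFormattedMessage": "web01 is powered on"},
    {"name": "DatastoreFileDownloadEvent", "userName": "LAB\\alice",
     "createdTime": "2023-04-18T09:12:44Z",
     "fullFormattedMessage": "Downloaded [ds01] web01/web01.vmx"},
    {"name": "DatastoreFileDeletedEvent", "userName": "LAB\\carol",
     "createdTime": "2023-04-18T10:30:00Z",
     "fullFormattedMessage": "Deleted [ds01] old/old.vmdk"},
]

def audit_datastore_events(events, since=None):
    """Return (timeline, vmdk_downloads, per_user) for datastore file events."""
    timeline = []
    for ev in events:
        # Tolerate a dotted prefix in front of the event name.
        activity = ACTIVITY.get(ev.get("name", "").rsplit(".", 1)[-1])
        if activity is None:
            continue  # not one of the datastore file events
        when = datetime.fromisoformat(ev["createdTime"].replace("Z", "+00:00"))
        if since is not None and when < since:  # since must be timezone-aware
            continue
        msg = ev.get("fullFormattedMessage", "")
        timeline.append({"when": when, "who": ev.get("userName") or "<unknown>",
                         "activity": activity, "what": msg,
                         "vmdks": VMDK.findall(msg)})
    timeline.sort(key=lambda r: r["when"])
    hits = [r for r in timeline if r["activity"] == "download" and r["vmdks"]]
    per_user = Counter((r["who"], r["activity"]) for r in timeline)
    return timeline, hits, per_user
```

The `hits` list is what would be forwarded to a security team, while `timeline` is the full record suited to long-term archival.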

Hopefully, the next time you are trying to understand a change within your vSphere environment, vCenter Server Events will be the first place you check. The Events view in the vSphere UI will also help you quickly identify the name of the vCenter Server Event, which you can then subscribe to in order to build powerful Event-Driven Automation workflows.


Categories // Automation, vSphere Tags // export, ova, ovf, vmdk


Author

William is Distinguished Platform Engineering Architect in the VMware Cloud Foundation (VCF) Division at Broadcom. His primary focus is helping customers and partners build, run and operate a modern Private Cloud using the VMware Cloud Foundation (VCF) platform.


Copyright WilliamLam.com © 2025

 
